NY regulator memo: Notice of Inquiry on Virtual Currencies

[jgarzik]

URL: http://dfs.ny.gov/about/press2013/memo1308121.pdf
reddit: http://www.reddit.com/r/Bitcoin/comments/1k7e18/ny_regulator_memo_notice_of_inquiry_on_virtual/

FROM: Benjamin M. Lawsky
, Superintendent of Financial Services
DATE: August 12, 2013
RE: Notice of Inquiry on Virtual Currencies
______________________________________________________________________
New York has a long history of promoting technological innovation – both within the financial sector and across our economy.

As innovative products emerge, it is critical to take steps that allow new technologies and industries to flourish, while also working to ensure that consumers and our national security remain protected.

The emergence of Bitcoin and other virtual currencies has presented a number of unique opportunities and challenges. Building innovative platforms for conducting commerce can help improve the depth and breadth of our nation’s financial system. However, we have also seen instances where the cloak of anonymity provided by virtual currencies has helped support dangerous criminal activity, such as drug smuggling, money laundering, gun running, and child pornography.

If virtual currencies remain a virtual Wild West for narco traffickers and other criminals, that would not only threaten our country’s national security, but also the very existence of the virtual currency industry as a legitimate business enterprise.

Indeed, it is in the common interest of both the public and the virtual currency industry to bring virtual currencies out of the darkness and into the light of day through enhanced transparency. It is vital to put in place appropriate safeguards for consumers and law-abiding citizens.

As such, the Department of Financial Services ( DFS ) has launched an inquiry into the appropriate regulatory guidelines that it should put in place for virtual currencies. DFS has already conducted significant preliminary work regarding this inquiry, including making requests for information from virtual currency firms. Based on that initial work , we are concerned that – at a minimum – virtual currency exchangers may be engaging in money transmission as defined in New York law, which is an activity that is licensed and regulated by DFS.

Under current DFS regulations, firms engaging in money transmission are required to post collateral in order to better safeguard customer account funds . Additionally, they are required to undergo periodic safety and soundness examinations, as well as comply with applicable anti-money laundering laws. These guidelines for money transmitters help protect consumers and root out illegal activity.

However, DFS is also considering whether it should issue new regulatory guidelines specific to virtual currencies – rather than simply apply existing money transmission regulations . As such, we could also move forward with new guidelines that are tailored to the unique characteristics of virtual currencies.

We believe that – for a number of reasons – putting in place appropriate regulatory safeguards for virtual currencies will be beneficial to the long-term strength of the virtual currency industry.

First, safety and soundness requirements help build greater confidence among customers that the funds that they entrust to virtual currency companies will not get stuck in a digital black hole. Indeed, some consumers have expressed concerns about how quickly their virtual currency transactions are processed. Taking steps to ensure that these transactions – particularly redemptions – are processed promptly is vital to earning the faith and confidence of c usto mers.

Second, serving as a money changer of choice for terrorists, drug smugglers, illegal weapons dealers, money launderers, and human traffickers could expose the virtual currency industry to extraordinarily serious of criminal penalties. Taking steps to root out illegal activity is both a legal and business imperative for virtual currency firms.

Finally, both virtual currency companies – and the currencies themselves – have received significant interest from investors and venture capital firms. Similar to any other industry, greater transparency and accountability is critical to promoting sustained, long-term investment.

We look forward to working with the virtual currency industry and other stakeholders as our inquiry proceeds, and we move to put in place appropriate regulatory guardrails to protect consumers and our national security.

[1714567453]

1714567453

[1714567453]

1714567453

[1714567453]

1714567453

[1714567453]

1714567453

[1714567453]

1714567453

[jgarzik]

Reserved.

[CryptoCat]

Second, serving as a money changer of choice for terrorists, drug smugglers, illegal weapons dealers, money launderers, and human traffickers could expose the virtual currency industry to extraordinarily serious of criminal penalties. Taking steps to root out illegal activity is both a legal and business imperative for virtual currency firms.

<rhetorical question> Hm... what about FIAT and those problems? </rhetorical question>

[MPOE-PR]

http://www.youtube.com/watch?v=gkY8WBNjyqY

[BCB]

Lawsky has been in the news before:

Ben Lawsky's Moment: Financial World Pounces on Standard Chartered Regulator

Reuters


JOHN HUDSON 719 ViewsAUG 15, 2012
Nine days ago Ben Lawsky was a no-name financial regulator working for the state of New York, but now he's the front page protagonist behind the largest money laundering settlement in U.S. history. On Tuesday, the 42-year-old superintendent of financial services announced the $340 million payment by Standard Chartered, the British mega bank that allegedly laundered some $250 billion of Iranian money. Those charges, leveled at the bank eight days ago, came out of nowhere, but equally surprising was Lawsky's lightning-fast settlement of the case, which The New York Daily News championed as "quick and effective." "Bravo to state Financial Services Superintendent Ben Lawsky," added the tabloid. But despite the impressive haul for the one-year-old state agency, the man has quickly made enemies with powerful U.S. and European regulators and some of  the biggest voices in financial journalism. Here's how Lawsky's opponents are trying to take down New York's rising star regulator after his huge cash haul on Tuesday:

He jumped the gun. Lawsky's agency wasn't the only regulator looking into Standard Chartered's questionable dealings with Iran prior to last week's charges. According to reports, regulators including the U.S. Treasury, the Federal Reserve, the Justice Department and the Manhattan District Attorney were also involved in the matter. But in pursuing his go-it-alone strategy, Lawsky infuriated the feds and may have complicated forthcoming investigations and settlements, a former prosecutor tells Bloomberg. “Ben Lawsky hijacked the feds’ case,” says Rita Glavin, currently an attorney at Seward & Kissel LLP. “That kind of move causes a major headache for the Justice Department. Before, they may have been more willing to share with a state regulator. They may not be so willing in the future.”  While that may be true, The New York Times' Jessica Silver-Greenberg reports that its unclear if the feds would've pounced if Lawsky hadn't. "In the weeks leading up to Mr. Lawsky’s move against the bank, the Justice Department was on the brink of deciding not to pursue criminal charges, after concluding that virtually all of the transactions with Iran had complied with United States law, current and former authorities said." Either way, feathers were clearly ruffled.

He played fast and loose with the facts. In today's paper, The Wall Street Journal's editorial board makes a piercing assessment of Lawsky's conduct in the case. "His grandstanding on Standard Chartered may also do more harm than good. For one thing, his declaration of allegations includes some exaggerated facts. Of the $250 billion of transactions at issue, it now appears that $249 billion and change were legal at the time they occurred," writes the newspaper. "We're told by other law enforcers that roughly $300 million in transactions over the course of a decade were illegal. This is higher than the bank's public claim of only $14 million, but a tiny fraction of the amount in Mr. Lawsky's initial accusation. So far the illegal transactions also don't appear to have had any ties to terror or weapons." Pushing back against the Journal, blogger Yves Smith called it an "alternative reality editorial," noting that both "parties have agreed that the conduct at issue involved transactions of at least $250 billion."

He sacrificed the truth for a headline. CNN Money's Larry Doyle says a hasty fine settlement could prevent us from uncovering the actual misdeeds of Standard Chartered. "The last thing I want to see is a fine. Better that Standard Chartered pays not a penny than we suffer again from not truly knowing and learning the truth. A fine only serves to suffocate the truth," he writes, calling for an independent investigation. "When a bank is merely fined for dealing with a rogue nation such as Iran, that payment is nothing more than blood money. A fine does not rebuild confidence but erodes it dramatically because the public is aware that the truth remains under wraps. What rebuilds confidence? The truth. If the truth exposes ugly practices within Standard Chartered and similarly lax oversight from regulators, then so be it... In delivering the truth, the public and our global economy will be reinvigorated by fresh air filling our collective lungs."

It was a publicity stunt. In an interesting window into the world of competing global regulators, it appears Lawsky's peers aren't big fans of his alleged grandstanding. "Lawsky’s order angered U.K. officials, who viewed it as an attack on London’s status as a financial center," Bloomberg's Greg Farrell and Tiffany Kary report. "In the U.S., regulators including the Treasury Department, the Federal Reserve and the Manhattan District Attorney complained privately in published reports that Lawsky’s order was a publicity stunt that disrupted their own probes of the matter."

Want to add to this story? Let us know in comments or send an email to the author at jhudson@theatlantic.com. You can share ideas for stories on the Open Wire.

[Chet]

national security blah blah blah national security blah blah blah blah blah blah national security blah blah blah blah blah blah national security blah blah blah

[BCB]

Francine McKenna, Contributor
PERSONAL FINANCE
|
 
6/21/2013 @ 11:35AM |5,344 views
Deloitte By Any Name Won't Be Monitoring NY Banks For A While

When the Superintendent of the New York State Department of Financial Services, Benjamin Lawsky, said he was going to hammer on a banking consultant, many thought the nail might be ultra-connected Gene Ludwig’s Promontory Financial Services. After all, it was Promontory that pooh-poohed the bad conduct at Standard Chartered, estimating it at mere millions instead of hundreds of billions.
Instead Lawsky banged on Big Four auditor Deloitte’s Financial Advisory Services business unit. DFS fined the firm $10 million this week and banned Deloitte from accepting new consulting engagements at financial institutions regulated by Lawsky. Deloitte’s violations took place while standing in the shoes of the regulator as a “monitor” at Standard Chartered. The original Deloitte engagement was the result of a 2004 joint written agreement between Standard Chartered and the New York State Banking Department – a DFS predecessor agency – and the Federal Reserve Bank of New York which identified several compliance and risk management deficiencies in the anti-money laundering and Bank Secrecy Act controls at Standard Chartered’s New York branch.
The order addresses Deloitte’s “misconduct, violations of law, and lack of autonomy during its consulting work” at Standard Chartered Bank on those anti-money laundering (AML) issues.

From a press release from New York Governor Cuomo’s office:
DFS’s investigation into the conduct of firm professionals during its consulting work at Standard Chartered found that Deloitte:
Did not demonstrate the necessary autonomy required of consultants performing regulatory work. Based primarily on Standard Chartered’s objection, Deloitte removed a recommendation aimed at rooting out money laundering from its written final report on the matter to the Department. The recommendation discussed how wire messages or “cover payments” on transactions could be manipulated by banks to evade money laundering controls on U.S. dollar clearing activities.

Violated New York Banking Law § 36.10 by disclosing confidential information of other Deloitte clients to Standard Chartered. A senior Deloitte employee sent emails to Standard Chartered employees containing two reports on anti-money laundering issues at other Deloitte client banks. Both reports contained confidential supervisory information, which Deloitte FAS was legally barred by New York Banking Law § 36.10 from disclosing to third parties.

Oof!
American Banker’s Chris Cumming quotes mewhile describing the impact of this enforcement action.

More significant is the precedent Lawsky has set. It could be “very disruptive” for banks if other states, following New York’s lead, ban consultants from operating and issue their own sets of regulations, says Francine McKenna, an accounting watchdog and journalist who has contributed to American Banker‘s BankThink columns.

“Banks will have to have a contingency plan if suddenly a very significant consultant stops working,” she says.

Even though the New York sanctions on Deloitte would only apply to state-chartered banks, they could have a spillover effect in terms of industry-wide reputational risk. Some consultants expect to see big national banks — especially those already under regulatory scrutiny — also rethinking their use of the firm.

Deloitte’s law-breaking at Standard Chartered probably made officials at the Federal Reserve Bank of New York particularly uncomfortable. Deloitte’s audit arm is the financial auditor for the entire Federal Reserve system, and Deloitte also audits some of the firms the Fed has been highly dependent on during and after the crisis such as BlackRock. Deloitte’s actions at Standard Chartered belied its intended role as the eyes and ears of the Fed and DFS, making sure Standard Chartered corrected its money laundering ways. Instead, Deloitte helped Standard Chartered assuage regulator concerns by breaking the law and sharing confidential regulatory information with the bank from its other “monitor” engagements.

Deloitte has been working on a similar engagement to correct AML violations at the nationally chartered US operations of HSBC Holdings PLC in New Castle, Delaware, where the firm is again acting at the behest of the feds. The HSBC engagement is a “look-back” at thousands of old transactions ordered by the OCC in 2010 when the regulator cited the bank for multiple anti-money laundering failures. According to Reuters last year, it was not going well.

The New Castle look-back, overseen by consultants Deloitte LLP, was manned by more than 100 former law-enforcement officials, bank examiners and others. Many of them were working under contract with outside anti-money laundering consulting firms…In the HSBC look-back, one contractor said, many suspicious cases were “buried.” In one case, the contractor wanted to find out why 13 parties had wired a total of $1.3 million into an HSBC account in Hong Kong on the same day. He said that when he asked a Deloitte supervisor to request that the Hong Kong office provide information about the customer, he was told that decision rested with the HSBC manager in charge of the account. The information never was provided, and the same contractor said he was later fired for not clearing enough alerts.
The look-back team held brief weekly meetings at which Deloitte overseers ticked off how many cases had been cleared and complained about delays. Several contractors said that investigators deemed slow on the job were fired.
Similar allegations  - that Deloitte seems more eager to please a bank involved in a regulatory action rather than stand tough as the proxy for the regulator  - recently surfaced at Lloyds Bank in the UK. That engagement addressed customer claims processing for payment protection insurance (PPI), designed to cover loan repayments for debtors who became ill, had an accident or lost their jobs.
PPI was mis-sold by UK banks on a massive scale to customers who did not want or need it. According to the London Evening Standard, Lloyds – the biggest PPI seller in the UK  – was fined £4.3 million by the Financial Services Authority for not settling PPI claims promptly.

From the London Evening Standard on June 11:
Lloyds Banking Group has admitted “issues” in the handling of PPI complaints and fired Deloitte which operated the unit.
It comes as an undercover reporter on The Times claimed that when he went through the training procedure to join the PPI complaint centre at Royal Mint Court he saw staff taught how to “play the system” against customers.

This included turning a blind eye to the risk that fraud may have been committed and knowing that most customers gave up if their complaint was rejected first time around.
Most of the headlines for news stories about Deloitte FAS’s agreement with DFS regarding Standard Chartered referred simply to “Deloitte”. Deloitte spokesman Jonathan Gandal tried to make the distinction in the firm’s official statement:
Deloitte FAS looks forward to working constructively with DFS to establish best practices and procedures that are ultimately intended to become the industry standard for all independent consulting engagements under DFS’ supervision.

It is important to note that, as the agreement also states: “This is not intended to affect engagements performed by any Deloitte entity other than Deloitte FAS.  Neither the fact of this agreement nor any of its terms is intended to be, or should be construed as, a reflection of any of the other practices of Deloitte-affiliated entities.”

However, Deloitte itself says on its global website:
“Deloitte” is the brand under which nearly 200,000 professionals in independent firms throughout the world collaborate to provide audit, consulting, financial advisory,risk management, and tax services to selected clients.

Can’t have it both ways.
So it’s not too surprising that the public, and even regulators, legislators, and some journalists are often confused about the difference between Deloitte LLP the audit firm, Deloitte Consulting the consulting firm (not to be confused with Deloitte FAS LLP a different consulting firm), and Deloitte the tax advisory firm when one of them gets into trouble. It’s also hard to separate the Deloitte global member firms such as Deloitte’s China firm when it’s sued or sanctioned for Chinese reverse merger fraud and refuses to cooperate with the US regulators from Deloitte Touche Tohmatsu the global “coordinating” firm and then from the Deloitte US firms. The Big Four audit firms look more and more like any other multinational corporation hiding behind myriad separate legal entities rather than global professional services partnerships providing “seamless” service delivery.

Reputation risk doesn’t seem to get in the way anymore of audit firms helping some criminal banks do lots of illegal things. That’s what I said when DFS first made the allegations against Deloitte in August of last year.
“Reputation risk” is now an oxymoron. Bankers and their enablers, the audit firms, have no risk to their reputation from anyone that matters. They are both repeatedly the subject of settlements, consent decrees, non-prosecution agreements, cease and desist orders and the rest of the regulator arsenal. They keep profiting and repeating their crimes with impunity.
That’s what I warned about when Deloitte was awarded the “independent” consultant role at JP Morgan Chase, performing the “look back” review required by the OCC/Fed consent decrees signed with a dozen banks in April of 2011 as a result of foreclosure abuses. Deloittehas an even bigger incentive to cheat and look out for JPM Chase and itself on that engagement, rather than borrowers who were cheated by the bank. Most of the foreclosures Deloitte is “independently” reviewing are based on mortgages acquired by JPM from Bear Stearns and Washington Mutual, two of Deloitte’s audit clients before those institutions failed and were taken over by JPM.

I wondered out loud to NY DFS spokesman Matt Anderson, “How does DFS plan to make sure Deloitte, and the banks, don’t circumvent the ban by shifting Deloitte FAS staff to other Deloitte entities and running new engagements through them?”

Anderson reassured me. “DFS has the ability to monitor compliance since it controls access to confidential supervisory information under its 36.10 authority. They can’t access the information without our approval. The road runs through our agency.”

Benjamin Lawsky and the NY DFS team are on it. Let’s hope federal and state regulators in the US and international regulators follow that lead with similar tough actions against all the various forms, and firms, used by the Deloitte and its fellow Big Four enablers – PwC, KPMG and Ernst & Young.
Deloitte provided its full official statement, a portion of which was reproduced above, in response to my request for comment.

[piotr_n]

Ehhhh.... you and your country's national security - ever lasting excuse for anything; from dropping atomic bombs to fighting cryptography.

Give me a break, please and spare me this nazi bullshit - I have enough of it on my TV

[MSantori]

Cross-posting from the Legal Subforum:

DFS seems to have learned from the industry’s reaction to the California DFI’s bare cease and desist letter.  DFS coupled their subpoenas with a public notice stating explicitly the purpose of their requests: to involve the industry in developing “appropriate regulatory guidelines” for the digital currency industry.  The Foundation will support its members and the bitcoin community as needed during this process.  This includes engagement with regulators and, where appropriate, legal defense.

[Gabi]

4 horsemen of infocalypse

[MPOE-PR]

Cross-posting from the Legal Subforum:

DFS seems to have learned from the industry’s reaction to the California DFI’s bare cease and desist letter.  DFS coupled their subpoenas with a public notice stating explicitly the purpose of their requests: to involve the industry in developing “appropriate regulatory guidelines” for the digital currency industry.  The Foundation will support its members and the bitcoin community as needed during this process.  This includes engagement with regulators and, where appropriate, legal defense.

The foundation is welcome to begin by publishing accounts of all the BTC it scammed out of members of the community, and by separating the treasurer and the executive functions. Ideally five minutes after it quits posturing as if it had any sort of relevance whatsoever.

The gall of the MtGox-BFL pushers, incredible.

[Asymptote]

Dear Benjamin Lawsky,

Transparency is a two-way street.

If you desire transparency of Bitcoin companies, please reveal:

1) When your central bank will stop printing money and debasing the currency used by millions of retirees for their savings.

2) Why nobody at HSBC was criminally charged with money laundering, despite their recent case which represented the largest money laundering scandal in history.

3) Whether you believe two consenting adults, in an allegedly free country, having been found guilty of no crime, have the right to do business privately between themselves.

Of course, you don't have to respond to these questions, and you won't. Yet, you'll force other people to respond to your questions with threats of theft (fines) and or kidnapping (imprisonment). How civilized.

[superduh]

reserved

[franky1]

my reply.

DFS found millions upon millions of US Dollars related to drugs / terrorisism in the period from 2009-2013.

DFS found less then 12btc related to drugs / terrorisism in the period from 2009-2013.

Q)what terrorist problem do you refer to which are linked to 'virtual currencies?
1)the credit card thefts of US FIAT used in illegal activities by vandalising ATM machines to get card details.
A)bitcoin does not require ATM's

2)the millions/billions of currency used to buy weapons
A)so far NO bitcoin has been linked to obama selling weapons to enemies. bitcoin remains public property not government, which makes it harder for obama to cover up his war games.

[TippingPoint]

I fought the law and the Lawsky won.

[runam0k]

Bitcoin being taken seriously = good news for bitcoin.

If bitcoin is to succeed - by which I think we mean "go mainstream" - then regulatory guidance/interference is inevitable.  And not just in the US.

[acoindr]

Nice try Mr. Benjamin M. Lawsky, but several things...

First, don't try to pretend the businesses and individuals that use a currency are equal to a currency itself. There is no "virtual currency industry". There are individuals and businesses that may use virtual currency at various levels but that commonality doesn't separate all such entities neatly into one industry.

Second, don't imagine you have jurisdiction to make meaningful impact on the use of virtual currency. Bitcoin, for example, being a decentralized global currency extends beyond any one U.S. state, and indeed beyond the U.S. itself.

Last, the U.S. dollar, as the world's reserve currency, I can assure you has been far more dangerous on a measure of human morality than the fledgling billion dollar Bitcoin market. The U.S. dollar has undoubtedly financed far more drug deals, global scale arms deals, heinous crimes, assassination, and murdering of innocent children unfortunate enough to be in the path of U.S. militarism in places like Iraq and Afghanistan.

So, as you consider the purpose and intent of your regulation please keep in mind the reality of just how much more dangerous the U.S. dollar has factually been, for a number of years, in this world.

[mc_lovin]

I guess this explains why BitInstant has sort of stopped providing their services?

[Kluge]

I guess this explains why BitInstant has sort of stopped providing their services?

I'm not sure how US businesses can go forward without limiting the number of states they deal with, or cutting off service to the US altogether. It's a big fucking deal when a Bitcoin-oriented service snags a couple million in VC funds. For a "MSB" to be fully compliant and serve all the states, they need many multitudes more than that -- at no gain, except to have permission to operate. It's basically taking an enormous pile of money, dumping it in a pit, and having the company execs say "THAT'S how committed we are to this business." Compliance will snag a whole lot of business from people and companies which otherwise may not even consider buying BTC due to how risky using exchanges are right now.

I think there's going to be a bit of a blackout in the US from major service providers for years, but once funding and proper licensing is secured, we can get back off LocalBitcoins and sites too small to regulate, and enjoy safe trading from behind our desks again. While we're trading in a decentralized p2p way, though, the USG and states are almost certainly enabling money laundering and tax cheats -- so their priority shouldn't be in threatening service providers, but in establishing a path forward.

If regulators would just hold off and let these businesses grow to the point where they CAN fully comply, I think everyone'd be better off. Suggesting something like a five-year grace period would really be better for everyone involved than to start off a "conversation" talking publicly about enabling terrorism, child porn, and money laundering.

[acoindr]

I guess this explains why BitInstant has sort of stopped providing their services?

I'm not sure how US businesses can go forward without limiting the number of states they deal with, or cutting off service to the US altogether. It's a big fucking deal when a Bitcoin-oriented service snags a couple million in VC funds. For a "MSB" to be fully compliant and serve all the states, they need many multitudes more than that -- at no gain, except to have permission to operate. It's basically taking an enormous pile of money, dumping it in a pit, and having the company execs say "THAT'S how committed we are to this business." Compliance will snag a whole lot of business from people and companies which otherwise may not even consider buying BTC due to how risky using exchanges are right now.

I think there's going to be a bit of a blackout in the US from major service providers for years, but once funding and proper licensing is secured, we can get back off LocalBitcoins and sites too small to regulate, and enjoy safe trading from behind our desks again. While we're trading in a decentralized p2p way, though, the USG and states are almost certainly enabling money laundering and tax cheats -- so their priority shouldn't be in threatening service providers, but in establishing a path forward.

If regulators would just hold off and let these businesses grow to the point where they CAN fully comply, I think everyone'd be better off. Suggesting something like a five-year grace period would really be better for everyone involved than to start off a "conversation" talking publicly about enabling terrorism, child porn, and money laundering.

Just reading your post I can tell you haven't listened to this episode of Let's Talk Bitcoin:

http://letstalkbitcoin.com/post/57717761405/the-regulatory-question-inside-bitcoins-conference

The talk features a panel discussion from the recent Bitcoin Conference in New York, which included actual professionals in the regulatory space including from the U.S. GAO.

It's a big fucking deal when a Bitcoin-oriented service snags a couple million in VC funds. For a "MSB" to be fully compliant and serve all the states, they need many multitudes more than that -- at no gain, except to have permission to operate.

Not true. Again you need to listen to the talk. Also, not every Bitcoin related business is categorized as a money transmitter. If you want to sell fruit from your orchard, offer singing lessons, or babysitting services, for bitcoin you need no license, for example.